My Even DEEPER Dive into Custom DNS Across VPNs...

OKAY hopefully this cleared up a lot of the questions I was getting in our last video :) Thank you all for the feedback!
Don't forget to check out our Patreon: patreon.com/techlore
A few more updates:
- IVPN updated their documentation to be clearer! www.ivpn.net/knowledgebase/general/custom-dns/
- Android is actually using DoT, NOT DoH. Though for the purposes of this video this shouldn't impact the takeaways or general concepts.
- NextDNS has an open source CLI tool, though their native clients don't appear to be open source. With that said, we're not trying to use the native clients & I'm not concerned with the server being open source since there's no way for us to verify they're running that code anyway. But definitely a correction for people who desire more of these things.
- Linux & Windows have native DoH options that *may* work with some of these VPNs. (Didn't test this myself)
Thank you to people who are sharing more information regarding this situation, as always - I'm learning more from comments on UA-cam than from service's themself, which is really my core complaint here.

as someone who is fairly new to the tech security & privacy game my initial response was 🤯 but also thank you. i'm trying to decide on a new VPN as i WAS with WeVPN who recently just...went away. my current top two are iVPN & ProtonVPN but, i'm wondering if i should consider others. i'm still too much of a noob to be confident in my decision. i'm also very, very new to the custom DNS scene having been recently introduced to Quad9. at any rate, i do enjoy your videos & appreciate your honesty. thank you, again.

In previous one it was clear what IVPN and Net Guard are incompatible because Android can't run two VPNs at the same time. Thanks for fixing the mistake.

Great follow-up. As always appreciate your thoroughness and openness!

As a free use case, windscribe works but you are correct it's ip4 only. For the machine I'm using it on, it's fine. I don't use ip6 on that machine. I am waiting to upgrade my whole network. Wanting to get a pfsense box. I would like DoH but it's fine for a little coffee shop work machine.

Recently using the iVPN and NextDNS combo. Works well on my end.

Windscribe with NextDNS works for me on android. The problem is, it seems to be leaking the DNS request to the windscribe provided one occasionally. When I checked with dnsleaktest, sure it only shows the provided one, even with the extended test. But when I checked with ipleak it shows the that it hits 2 servers, one being the NextDNS with the majority hit (150 vs 2). I also checked if my NextDNS filter is being applied, and it did.

I use Proton with NextDNS. I use Linux, Windows and Android. Here is how I managed to have both DoT and VPN. Also I want my devices to report their name to identify queries.
Android
NextDNS - DoT
ProtonVPN - Wireguard
Windows
NextDNS - yoga dns
ProtonVPN - Wireguard
Linux
NextDNS - systemd-resolved
ProtonVPN - Wireguard CLI (I don't know why I can't import using GUI Network manager. Using Debian 12 KDE)
PS.Downloaded Wireguard configs work for both Android and Windows but not Linux. I mean for Linux you have to select GNU/Linux when downloading. So don't try to create a backup in the GUI app and use those config in Linux. In Linux you need to comment out DNS option in the config otherwise say good bye to the internet at least that is what I experienced.

Thanks for the followup video. But I have a question about DoH on Android, where do you set that up? The Private DNS option only allows a direct domain, so that only works with DNS-over-TLS/QUIC and not the DoH url. Is there any other setting I am missing? Or did you group DoT and DoH together? I am using Android 13.

Windows 11 does support native private custom DNS integration via HTTPS! Both via IPV4 and IPV6! I'm using Proton VPN with NextDNS comfortably on both Windows and Android without even touching the configuration of the VPN clients.

Still a little puzzled: I use ivpn on my Android phone, mostly. I have "custom/private" DNS set to use NextDNS under the Android OS settings. Do I also need to tell the ivpn app to use custom/private DNS, i.e. NextDNS? IOW, one or both? Sorry if dumb question...

Thanks, much appreciated. Do you use an IOS device?

nextdns at least has debugging tool to find which list blocks domain! love it

My old, deteriorating brain struggled with this one. Was the previous video found be be in error, or does that solution laid out still work as described? I'm just trying to keep things relatively private on my windows laptop, macbook, and iphone. The original video seemed to offer a minimalist solution that made some sense to me. Is that still the case? Thanks for your patience!

17:40 People don't use these features so we don't document them and people don't use these features because they aren't documented. Its a cycle. IDK man if I worked couple hundred man hours on a product or service you'd think I'd want to let people to know how to use it.

Yessss, we need more Videos about cool foss Android apps 📈

Is it a privacy issue when I use Androids DOH settings and a vpn? Ipleaks shows me the DNS server of Adguard and Nextdns.

Hey, man I'm a new sub and learned a lot quickly, so thanks for the great videos. Could you make a video on how to make a private, secure and anonymous E-mail account network/system? I was trying to research it but there are too many products and I don't know how to build an ecosystem with it, that is why I might need some help, please.

I'm still kind of confused about the set-up. I wanna make sure I'm using it right. Here's my setup:
System:
- Apple Configuration Profile on macOS
- DNS-over-TLS/QUIC on Android
Browsers:
- DNS-over-HTTPS on Brave Macbook
- DNS-over-HTTPS on Brave Mobile
Mullvad:
- IPv6 & DNS servers On Macbook
- IPv6 & DNS servers On Android
Does this look correct? Is it overkill?

excellent presso !

The documentation is a bit weird when they say they cover something but don't actually do that

thanks!!

Thanks for breaking down 👍
Wouldn‘t it be much easier for NextDNS to provide DoH/DoT config profiles for iOS like for example Quad9 offers!? 😂Someone should get in contact with them and suggest this Thus way they could offer the better DoT as well for everyone

how do you know that next dns is being used after u input the info???? i dont know if its working or not hehe

With android, I went into the settings of the device itself and put Next DNS as my private DNS and then ran Proton VPN as normal and went to multiple DNS detecting websites and they all said NextDNS with no DNS leaks.

4:35 the Linux client is currently in beta so not all features have yet been implemented

I can confirm that private DNS on Android works just fine with windscribe. Did you check if chrome's own DoH is turned off?

What about Unbound (using pihole)?

Can you make a video about DNS over Quic?

Does DoH with VPN reduce “privacy” as people stand out more? Also if you already trust VPN provider with your traffic how is custom DNS improve things?

Hey so what's the clear difference between DOT and DoH ?..
I think it was for Android and browser level😂 ..
TLS/HTTpS aren't same?

Can you do a video on internet protection for game consoles like ps5

Other systems are weird.. on Linux Desktop its just so easy to have such a custom solution.
Locally host your own DNS and passthrough the rest, no problem.

Whats the point of using other DNS than from the VPN provider? I mean, they have all visited IPs anyways.

Adguard VPN would have solved your problems, btw a review on it would be amazing

Proton vpn actually does support doh and custom dns on x64 Linux but not arm or x86

How did you get android to work?

Doh with ivpn on windows doesn’t work for me

Can you comment on obfuscation protocols like trojan gfw or v2ray?

To know if this works with Safing would be interesting :o

Apparently Android DoH + ProtonVPN also works while leaving Netshield on.. at least in my case.

Great, now I have proton and ivpn too! lol

only the nextdns command line (cli) is open source. nextdns (the resolver) itself isn't.

Hi,
Could you look into the samsung cloud and Samsung secure folder security?

I use NORD and I’ve never been able to use my set piholes as my DNS. Breaks the internet.

I'm primarily using Android and NextDNS and Torguard and the private DNS route seems to work ok for me.

Why you never cover torguard

Next dns, it's just a point of exposure.

Too soon to mention Tailscale? 😅

This is ridiculous. I paid for all 3 services because of your last video. That is because I am a desktop service man so I needed many services. Now I have to cancel the contract and I have a court date with the big one.

Wevpn Seem to work 🤔

I Think nord also support it 😂😂

Don’t feel bad, documentation of products is bad even when companies are in good faith, not to even mention bad faith marketing..
For products that just say “works on iOS and android!” but doesn’t say WHAT works on both, it’s like don’t even bother with them.
If they can spend millions of dollars developing a product, yet more hundreds of thousands of dollars marketing it, and then not take the time to document it, fk em~
No sympathy. Don’t waste your time doing their jobs for them, let evolution take its course.

Nice lack of apology. Way to be mad at the viewers calling you out, versus being disappointed in yourself.